Bugtraq mailing list archives
Re: in.fingerd follows sym-links on Solaris 8
From: "Matthew R. Potter" <mpotter () atpco com>
Date: Thu, 24 May 2001 13:47:18 -0400
I believe it could be dangeours in some cases, but people from Sun says that they won't repair the in.fingerd because:
Well finger is enabled by default and it runs as nobody... so you can't link to /etc/shadow... finger stream tcp6 nowait nobody /usr/sbin/in.fingerd in.fingerd I think finger even still bounces.. @host@host...
"There are may be legitimate reasons for finger to follow symlinks. If finger is considered a security issue, it can be disabled. (..)"
I think it's an issue of, what is the point of fixing it?
What do you think ?
I won't sleep at night over this one. Matt
Current thread:
- in.fingerd follows sym-links on Solaris 8 Lukasz Luzar (May 24)
- Re: in.fingerd follows sym-links on Solaris 8 Lyndon Nerenberg (May 24)
- <Possible follow-ups>
- Re: in.fingerd follows sym-links on Solaris 8 Matthew R. Potter (May 24)
- Re: in.fingerd follows sym-links on Solaris 8 Lukasz Luzar (May 25)
- Re: in.fingerd follows sym-links on Solaris 8 J. Bol (May 28)
- Re: in.fingerd follows sym-links on Solaris 8 Joep Vesseur (May 28)
- Re: in.fingerd follows sym-links on Solaris 8 Darren Moffat (May 28)